Introduction

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but
everything in between getting and setting the ACL is missing. This module closes the gap.

Documentation

The cmdlets are yet not documented so Get-Help will just show the syntax. Prodiding documentation is planned tough.

Installation

Just create the folder "NTFSSecurity" in one of the standard module folders and copy the files attached in there. The standard module folders are in the environment variable %PSModulePath%, for example C:\Users\<username>\Documents\WindowsPowerShell\Modules.

For example, all the files in the zip file have to be in "C:\Users\raandree\Documents\WindowsPowerShell\Modules\NTFSSecurity". If you did this then the module should be listed in "Get-Module -ListAvailable" and can be imported using "Import-Module
NTFSSecurity".

Description

The module provides 10 cmdlets to manage permissions on the file system, like adding and removing ACEs, setting the inheritance, getting the current permissions or even get the effective permissions for a certain user.

The available cmdlets are listed below with a short description. More information can be retrieved in the PowerShell using Get-Help.

All cmdlets have at least one parameter that supports the pipeline. They all can work with pipeline input coming from Get-ChildItem but some do more with what comes form the pipeline.

Remove-Item2, Move-Item2 and Copy-Item2 now support the WhatIf and Confirm

4.1

The Attributes parameter for Get-ChildItem2 works the same like he one on the standard cmdlets Get-ChildItem as requested

Remoce-NTFSAccess can no remove access from existing Access Control Entries. The old behaviour is still available using the -RemoveSpecific switch parameter

4.0

The NTFSAccess cmdlets can now work on Security descriptors to allow bulk processes

Code cleanup for better performance and maintainability

Bug Fixes

3.2.3

Fixed a bug in GetInheritedFrom that resulted in "Invalid Path" or "Path not found" errors

3.2

Bugfixing managing auditing

Fixed various Bugs reported on CodePlex

3.1

All cmdlets have the prefix NTFS now. There are aliases for backward compatibility

The new version of Get-NTFSEffectivePermission uses AuthzAccessCheck instead of GetEffectiveRightsFromAcl

Previous Get-NTFSEffectivePermission cmdlet has been renamed to Get-NTFSEffectivePermissionOld

Added FileSystemAuditRule2 to the PowerShell formatters

Added InheritedFrom information to FileSystemAuditRule2

3.0

This version leverages the AlphaFS (http://alphafs.codeplex.com) to work around the MAX_PATH limitation of 260 characters

This requires new *-Item commands to be able to discover items with a log path

GetChildItem2 (dir2)

Get-Item2 (gi2)

Remove-Item2 (del2, rm2)

For inherited ACEs the InheritedFrom is displayed

Generic access rights are supported

Performance Improvements

Bug Fixes

2.4

Remove-Access did not remove Deny ACEs when using the pipeline (for example: Import-Csv .\access.txt | Remove-Access)

Add-Access did not remove Deny ACEs when using the pipeline (for example: Import-Csv .\access.txt | Add-Access)

The parameter Account was undiscoverable when using the pipeline

2.3

The module now makes full use of the Backup, Restore privilege and TakeOwnership so as an administrator you can edit permissions on objects that you do not have explicitly access to. Privileges are enabled by default if the value 'EnablePrivileges' is true
in the NTFSSecurity.psd1. The new cmdlets Get, Disable and Enable-Privileges are for manual control.

The Path parameter now works consistently

2.1

Fixed bugs with Set-Owner

Added support for also managing auditing (SACL)

2.0 Beta

A bunch of new commands: Get-SimpleAccess, Get-SimpleEffectiveAccess, Show-SimpleAccess, Show-SimpleEffectiveAccess, Copy-Access

All cmdlets are now written in C#

Fixed a number of bugs

1.3

Fixed an issue with parameter handling

Now works with PowerShell V3

1.2

Fixed some issues with path validation

Fixed documentation bugs

1.1

Fixed the issue with square brackets in paths

Performance improvements

1.0

Last tests did not reveal any issue. PowerShell has a problem handling files that have square brackets in the file name. Therefore this module inherits the issue.

join us

Complete this form to send a request to become a member of this project. Enter any comments that
you wish for the project coordinators to see when approving your request, for example
what role you would like to have in the project.